setthesun
Sep 25 2004, 05:53 PM
Jepg of Death;
http://www.k-otik.com/exploits/09252004.JpegOfDeath.c.phpsh;
http://www.k-otik.com/exploits/09222004.ms04-28.sh.phpC;
http://www.k-otik.com/exploits/09222004.ms04-28-cmd.c.phpI tried C version (with custom shellcode and default) and it's always crash whole IExplorer.exe (XP non-patched)
Is there any stable version ? Execute without crashing...
Zero-X
Sep 26 2004, 02:56 PM
I tryed JPEG of death but doesnt seems to work perfectly when you send it to a remote box..
boshcash
Sep 26 2004, 04:05 PM
not enough tests didnt see any jpg exploit working didnt try sh files im on a windows system , also looking for an exploit which u can attach a real jpg to the file so it doesnt say drawing failed
setthesun
Sep 27 2004, 03:20 AM
I think the best way to exploit this we should try to exploit Outlook Express and Office Applications, IE is not vulnerable directly. Also I should to force IE to show only image but it's not working too.
Also I try to send email linked HTML it's not working again.
Embedding may works but is there any idea how can I embed image to Outlook ?
If I can try to embed image viA standard HTML email sender (like outlook etc.) it's not working. We should write / embed directly with an application.
Any idea ?
